lastname=user.lastname,

                                email=user.email,

                                active=user.active,

                                admin=user.admin,

                                ldap=user.ldap_dn))

        return result

    @HasPermissionAllDecorator('hg.admin')

    def create_user(self, apiuser, username, password, firstname,

                    lastname, email, active=True, admin=False, ldap_dn=None):

        """

        Create new user

        :param apiuser:

        :param username:

        :param password:

        :param name:

        :param lastname:

        :param email:

        :param active:

        :param admin:

        :param ldap_dn:

        """

            raise JSONRPCError("user %s already exist" % username)

        try:

            UserModel().create_or_update(username, password, email, firstname, 

                                         lastname, active, admin, ldap_dn)

            return dict(msg='created new user %s' % username)

        except Exception:

            log.error(traceback.format_exc())

            raise JSONRPCError('failed to create user %s' % username)

    @HasPermissionAllDecorator('hg.admin')

    def get_users_group(self, apiuser, group_name):

        """"

        Get users group by name

        :param apiuser

        :param group_name

        """

        users_group = UsersGroup.get_by_group_name(group_name)

        if not users_group:

            return None

        members = []

                c.changes.append(('changed', node, diff, cs1, cs2))

        response.content_type = 'text/plain'

        if method == 'download':

            response.content_disposition = 'attachment; filename=%s.patch' \

                                            % revision

        c.parent_tmpl = ''.join(['# Parent  %s\n' % x.raw_id for x in

                                                 c.changeset.parents])

        c.diffs = ''

        for x in c.changes:

            c.diffs += x[2]

        return render('changeset/raw_changeset.html')

    def comment(self, repo_name, revision):

        ChangesetCommentsModel().create(text=request.POST.get('text'),

                                        repo_id=c.rhodecode_db_repo.repo_id,

                                        user_id=c.rhodecode_user.user_id,

                                        revision=revision,

                                        f_path=request.POST.get('f_path'),

                                        line_no=request.POST.get('line'))

        return redirect(h.url('changeset_home', repo_name=repo_name,

                              revision=revision))

    @jsonify

        co = ChangesetComment.get(comment_id)

        owner = lambda : co.author.user_id == c.rhodecode_user.user_id

        if h.HasPermissionAny('hg.admin', 'repository.admin')() or owner:

            ChangesetCommentsModel().delete(comment=co)

            return True

        else:

            raise HTTPForbidden()

from pylons import config, session, url, request

from pylons.controllers.util import abort, redirect

from pylons.i18n.translation import _

from rhodecode import __platform__, PLATFORM_WIN, PLATFORM_OTHERS

if __platform__ in PLATFORM_WIN:

    from hashlib import sha256

if __platform__ in PLATFORM_OTHERS:

    import bcrypt

from rhodecode.lib import str2bool, safe_unicode

from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError

from rhodecode.lib.utils import get_repo_slug

from rhodecode.lib.auth_ldap import AuthLdap

from rhodecode.model import meta

from rhodecode.model.user import UserModel

from rhodecode.model.db import Permission, RhodeCodeSetting, User

log = logging.getLogger(__name__)

class PasswordGenerator(object):

        passwd_gen = PasswordGenerator()

        #print 8-letter password containing only big and small letters

            of alphabet

        print passwd_gen.gen_password(8, passwd_gen.ALPHABETS_BIG_SMALL)

    """

    ALPHABETS_NUM = r'''1234567890'''

    ALPHABETS_SMALL = r'''qwertyuiopasdfghjklzxcvbnm'''

    ALPHABETS_BIG = r'''QWERTYUIOPASDFGHJKLZXCVBNM'''

    ALPHABETS_SPECIAL = r'''`-=[]\;',./~!@#$%^&*()_+{}|:"<>?'''

    ALPHABETS_FULL = ALPHABETS_BIG + ALPHABETS_SMALL \

        + ALPHABETS_NUM + ALPHABETS_SPECIAL

    ALPHABETS_ALPHANUM = ALPHABETS_BIG + ALPHABETS_SMALL + ALPHABETS_NUM

    ALPHABETS_BIG_SMALL = ALPHABETS_BIG + ALPHABETS_SMALL

    ALPHABETS_ALPHANUM_BIG = ALPHABETS_BIG + ALPHABETS_NUM

    ALPHABETS_ALPHANUM_SMALL = ALPHABETS_SMALL + ALPHABETS_NUM

    def __init__(self, passwd=''):

        self.passwd = passwd

    def gen_password(self, len, type):

        self.passwd = ''.join([random.choice(type) for _ in xrange(len)])

        return self.passwd

        cls = fargs[0]

        user = cls.rhodecode_user

        api_access_ok = False

        if self.api_access:

            log.debug('Checking API KEY access for %s', cls)

            if user.api_key == request.GET.get('api_key'):

                api_access_ok = True

            else:

                log.debug("API KEY token not valid")

        log.debug('Checking if %s is authenticated @ %s', user.username, cls)

        if user.is_authenticated or api_access_ok:

            log.debug('user %s is authenticated', user.username)

            return func(*fargs, **fkwargs)

        else:

            log.warn('user %s NOT authenticated', user.username)

            p = url.current()

            log.debug('redirecting to login page with %s', p)

            return redirect(url('login_home', came_from=p))

class NotAnonymous(object):

    redirect to login page"""

    def __call__(self, func):

        return decorator(self.__wrapper, func)

    def __wrapper(self, func, *fargs, **fkwargs):

        cls = fargs[0]

        self.user = cls.rhodecode_user

        log.debug('Checking if user is not anonymous @%s', cls)

        anonymous = self.user.username == 'default'

        if anonymous:

            p = url.current()

            import rhodecode.lib.helpers as h

            h.flash(_('You need to be a registered user to '

                      'perform this action'),

                    category='warning')

            return redirect(url('login_home', came_from=p))

        else:

            return func(*fargs, **fkwargs)

            log.warning('Permission denied for %s %s', cls, self.user)

            anonymous = self.user.username == 'default'

            if anonymous:

                p = url.current()

                import rhodecode.lib.helpers as h

                h.flash(_('You need to be a signed in to '

                          'view this page'),

                        category='warning')

                return redirect(url('login_home', came_from=p))

            else:

                # redirect with forbidden ret code

                return abort(403)

    def check_permissions(self):

        """Dummy function for overriding"""

        raise Exception('You have to write this function in child class')

class HasPermissionAllDecorator(PermsDecorator):

    have to be meet in order to fulfill the request

    """

    def check_permissions(self):

        if self.required_perms.issubset(self.user_perms.get('global')):

            return True

        return False

class HasPermissionAnyDecorator(PermsDecorator):

    fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        if self.required_perms.intersection(self.user_perms.get('global')):

            return True

        return False

class HasRepoPermissionAllDecorator(PermsDecorator):

    repository. All of them have to be meet in order to fulfill the request

    """

    def check_permissions(self):

        repo_name = get_repo_slug(request)

        try:

            user_perms = set([self.user_perms['repositories'][repo_name]])

        except KeyError:

            return False

        if self.required_perms.issubset(user_perms):

            return True

        return False

class HasRepoPermissionAnyDecorator(PermsDecorator):

    repository. In order to fulfill the request any of predicates must be meet

    """

    def check_permissions(self):

        repo_name = get_repo_slug(request)

        try:

            user_perms = set([self.user_perms['repositories'][repo_name]])

        except KeyError:

            return False

        if self.required_perms.intersection(user_perms):

            return True

        return False

#==============================================================================

# CHECK FUNCTIONS

#==============================================================================

class PermsFunction(object):

    """Base function for other check functions"""

    def __init__(self, *perms):

        available_perms = config['available_permissions']

            def step_1(self):

                pass

            def step_2(self):

                print ('Patching repo paths for newer version of RhodeCode')

                self.klass.fix_repo_paths()

                print ('Patching default user of RhodeCode')

                self.klass.fix_default_user()

                log.info('Changing ui settings')

                self.klass.create_ui_settings()

            def step_3(self):

                print ('Adding additional settings into RhodeCode db')

                self.klass.fix_settings()

                print ('Adding ldap defaults')

                self.klass.create_ldap_options(skip_existing=True)

        upgrade_steps = [0] + range(curr_version + 1, __dbversion__ + 1)

        #CALL THE PROPER ORDER OF STEPS TO PERFORM FULL UPGRADE

        for step in upgrade_steps:

            print ('performing upgrade step %s' % step)

    def fix_repo_paths(self):

        """Fixes a old rhodecode version path into new one without a '*'

        """

        paths = self.sa.query(RhodeCodeUi)\

                .filter(RhodeCodeUi.ui_key == '/')\

                .scalar()

        paths.ui_value = paths.ui_value.replace('*', '')

        try:

            self.sa.add(paths)

            self.sa.commit()

        except:

            self.sa.rollback()

            raise

    def fix_default_user(self):

        """Fixes a old default user with some 'nicer' default values,

        used mostly for anonymous access

        """

        def_user = self.sa.query(User)\

                .filter(User.username == 'default')\

"""Helper functions

Consists of functions to typically be used within templates, but also

available to Controllers. This module is available to both as 'h'.

"""

import random

import hashlib

import StringIO

import urllib

import math

from datetime import datetime

from pygments import highlight as code_highlight

from pylons import url, request, config

from pylons.i18n.translation import _, ungettext

from webhelpers.html import literal, HTML, escape

from webhelpers.html.tools import *

from webhelpers.html.builder import make_tag

from webhelpers.html.tags import auto_discovery_link, checkbox, css_classes, \

    end_form, file, form, hidden, image, javascript_link, link_to, link_to_if, \

    link_to_unless, ol, required_legend, select, stylesheet_link, submit, text, \

    password, textarea, title, ul, xml_declaration, radio

from webhelpers.html.tools import auto_link, button_to, highlight, js_obfuscate, \

    mail_to, strip_links, strip_tags, tag_re

from webhelpers.number import format_byte_size, format_bit_size

from webhelpers.pylonslib import Flash as _Flash

from webhelpers.pylonslib.secure_form import secure_form

from webhelpers.text import chop_at, collapse, convert_accented_entities, \

    convert_misc_entities, lchop, plural, rchop, remove_formatting, \

    replace_whitespace, urlify, truncate, wrap_paragraphs

from webhelpers.date import time_ago_in_words

from webhelpers.paginate import Page

from webhelpers.html.tags import _set_input_attrs, _set_id_attr, \

    convert_boolean_attrs, NotGiven, _make_safe_id_component

                    # Note: we should handle calculating the charset

                    file_part = MIMEText(self.get_content(msg_file),

                                         _subtype=subtype)

                elif maintype == 'image':

                    file_part = MIMEImage(self.get_content(msg_file),

                                          _subtype=subtype)

                elif maintype == 'audio':

                    file_part = MIMEAudio(self.get_content(msg_file),

                                          _subtype=subtype)

                else:

                    file_part = MIMEBase(maintype, subtype)

                    file_part.set_payload(self.get_content(msg_file))

                    # Encode the payload using Base64

                    encoders.encode_base64(msg)

                # Set the filename parameter

                file_part.add_header('Content-Disposition', 'attachment',

                                     filename=f_name)

                file_part.add_header('Content-Type', ctype, name=f_name)

                msg.attach(file_part)

        else:

            raise Exception('Attachment files should be'

                            'a dict in format {"filename":"filepath"}')

    def get_content(self, msg_file):

        else just read because it's a probably open file object

        :param msg_file:

        """

        if isinstance(msg_file, str):

            return open(msg_file, "rb").read()

        else:

            # just for safe seek to 0

            msg_file.seek(0)

            return msg_file.read()

        if group is None:

            group = RepoGroup(group_name, parent)

            sa.add(group)

            sa.commit()

        parent = group

    return group

def repo2db_mapper(initial_repo_list, remove_obsolete=False):

    """

    maps all repos given in initial_repo_list, non existing repositories

    are created, if remove_obsolete is True it also check for db entries

    that are not in initial_repo_list and removes them.

    :param initial_repo_list: list of repositories found by scanning methods

    :param remove_obsolete: check for obsolete entries in database

    """

    from rhodecode.model.repo import RepoModel

    sa = meta.Session()

    rm = RepoModel()

    user = sa.query(User).filter(User.admin == True).first()

    if user is None:

        raise Exception('Missing administrative account !')    

    added = []

    for name, repo in initial_repo_list.items():

        group = map_groups(name.split(Repository.url_sep()))

        if not rm.get_by_repo_name(name, cache=False):

            log.info('repository %s not found creating default', name)

            added.append(name)

            form_data = {

                         'repo_name': name,

                         'repo_name_full': name,

                         'repo_type': repo.alias,

                         'description': repo.description \

                            if repo.description != 'unknown' else \

                                        '%s repository' % name,

                         'private': False,

                         'group_id': getattr(group, 'group_id', None)

                         }

            rm.create(form_data, user, just_db=True)

    removed = []

    if remove_obsolete:

        #remove from database those repositories that are not in the filesystem

        for repo in sa.query(Repository).all():

            if repo.repo_name not in initial_repo_list.keys():

                removed.append(repo.repo_name)

                sa.delete(repo)

    from rhodecode.lib.indexers.daemon import WhooshIndexingDaemon

    from rhodecode.lib.pidlock import DaemonLock, LockHeld

    repo_location = repo_location

    index_location = os.path.join(config['app_conf']['index_dir'])

    if not os.path.exists(index_location):

        os.makedirs(index_location)

    try:

        l = DaemonLock(file_=jn(dn(index_location), 'make_index.lock'))

        WhooshIndexingDaemon(index_location=index_location,

                             repo_location=repo_location)\

            .run(full_index=full_index)

        l.release()

    except LockHeld:

        pass

def create_test_env(repos_test_path, config):

    """Makes a fresh database and

    install test repository into tmp dir

    """

    from rhodecode.lib.db_manage import DbManage

    import tarfile

    import shutil

    from os.path import abspath

    # PART ONE create db

    dbconf = config['sqlalchemy.db1.url']

    log.debug('making test db %s', dbconf)

    # create test dir if it doesn't exist

    if not os.path.isdir(repos_test_path):

        log.debug('Creating testdir %s' % repos_test_path)

        os.makedirs(repos_test_path)

    dbmanage = DbManage(log_sql=True, dbconf=dbconf, root=config['here'],

                        tests=True)

    dbmanage.create_tables(override=True)

    dbmanage.create_settings(dbmanage.config_prompt(repos_test_path))

    dbmanage.create_default_user()

    dbmanage.admin_prompt()

    dbmanage.create_permissions()

    dbmanage.populate_default_permissions()

    # PART TWO make test repo

    log.debug('making test vcs repositories')

    """

    Initializes db session, bind the engine with the metadata,

    Call this before using any of the tables or classes in the model,

    preferably once in application start

    :param engine: engine to bind to

    """

    log.info("initializing db for %s", engine)

    meta.Base.metadata.bind = engine

class BaseModel(object):

    """Base Model for all RhodeCode models, it adds sql alchemy session

    into instance of model

    :param sa: If passed it reuses this session instead of creating a new one

    """

    def __init__(self, sa=None):

        if sa is not None:

            self.sa = sa

        else:

            self.sa = meta.Session()

        """

        Get's instance of given cls using some simple lookup mechanism

        :param cls: class to fetch

        :param instance: int or Instance

        """

        if isinstance(instance, cls):

            return instance

        elif isinstance(instance, int) or str(instance).isdigit():

            return cls.get(instance)

        else:

            if instance:

                raise Exception('given object must be int or Instance'

                                ' of %s got %s' % (type(cls),

                                                   type(instance)))

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

from pylons.i18n.translation import _

from sqlalchemy.util.compat import defaultdict

from rhodecode.lib import extract_mentioned_users

from rhodecode.lib import helpers as h

from rhodecode.model import BaseModel

from rhodecode.model.db import ChangesetComment, User, Repository, Notification

from rhodecode.model.notification import NotificationModel

log = logging.getLogger(__name__)

class ChangesetCommentsModel(BaseModel):

    def __get_changeset_comment(self, changeset_comment):

    def _extract_mentions(self, s):

        user_objects = []

        for username in extract_mentioned_users(s):

            user_obj = User.get_by_username(username, case_insensitive=True)

            if user_obj:

                user_objects.append(user_obj)

        return user_objects

    def create(self, text, repo_id, user_id, revision, f_path=None,

               line_no=None):

        """

        Creates new comment for changeset

        :param text:

        :param repo_id:

        :param user_id:

        :param revision:

        :param f_path:

        :param line_no:

        """

        if text:

            repo = Repository.get(repo_id)

            comment = ChangesetComment()

            comment.repo = repo

            comment.user_id = user_id

            comment.revision = revision

            comment.text = text

            comment.f_path = f_path

            comment.line_no = line_no

            self.sa.add(comment)

            self.sa.flush()

            # make notification

            line = ''

            if line_no:

                line = _('on line %s') % line_no

            subj = h.link_to('Re commit: %(commit_desc)s %(line)s' % \

                                    {'commit_desc':desc, 'line':line},

                             h.url('changeset_home', repo_name=repo.repo_name,

                                   revision=revision,

                                   anchor='comment-%s' % comment.comment_id

                                   )

                             )

            body = text

            recipients = ChangesetComment.get_users(revision=revision)

            NotificationModel().create(created_by=user_id, subject=subj,

                                   body=body, recipients=recipients,

                                   type_=Notification.TYPE_CHANGESET_COMMENT)

            return comment

    def delete(self, comment):

        """

        Deletes given comment

        :param comment_id:

        """

        comment = self.__get_changeset_comment(comment)

        self.sa.delete(comment)

        return comment

    def get_comments(self, repo_id, revision):

        return ChangesetComment.query()\

                .filter(ChangesetComment.repo_id == repo_id)\

                .filter(ChangesetComment.revision == revision)\

                .filter(ChangesetComment.line_no == None)\

                .filter(ChangesetComment.f_path == None).all()

    def get_inline_comments(self, repo_id, revision):

        comments = self.sa.query(ChangesetComment)\

            .filter(ChangesetComment.repo_id == repo_id)\

                                     self.user_id, self.username)

    @classmethod

    def get_by_username(cls, username, case_insensitive=False, cache=False):

        if case_insensitive:

            q = cls.query().filter(cls.username.ilike(username))

        else:

            q = cls.query().filter(cls.username == username)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_user_%s" % username))

        return q.scalar()

    @classmethod

    def get_by_api_key(cls, api_key, cache=False):

        q = cls.query().filter(cls.api_key == api_key)

        if cache:

            q = q.options(FromCache("sql_cache_short",

                                    "get_api_key_%s" % api_key))

        return q.scalar()

    def update_lastlogin(self):

        """Update user lastlogin"""

        self.last_login = datetime.datetime.now()

        Session().add(self)

        Session().commit()

        log.debug('updated user %s lastlogin', self.username)

class UserLog(Base, BaseModel):

    __tablename__ = 'user_logs'

    __table_args__ = {'extend_existing':True}

    user_log_id = Column("user_log_id", Integer(), nullable=False, unique=True, default=None, primary_key=True)

    user_id = Column("user_id", Integer(), ForeignKey('users.user_id'), nullable=False, unique=None, default=None)

    repository_id = Column("repository_id", Integer(), ForeignKey('repositories.repo_id'), nullable=False, unique=None, default=None)

    repository_name = Column("repository_name", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    user_ip = Column("user_ip", String(length=255, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action = Column("action", UnicodeText(length=1200000, convert_unicode=False, assert_unicode=None), nullable=True, unique=None, default=None)

    action_date = Column("action_date", DateTime(timezone=False), nullable=True, unique=None, default=None)

    @property

    def action_as_day(self):

        return date(*self.action_date.timetuple()[:3])

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 3 of the License, or

# (at your option) any later version.

#

# This program is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with this program.  If not, see <http://www.gnu.org/licenses/>.

import logging

import traceback

from pylons.i18n.translation import _

from rhodecode.lib.helpers import age

from rhodecode.model import BaseModel

from rhodecode.model.db import Notification, User, UserNotification

log = logging.getLogger(__name__)

class NotificationModel(BaseModel):

    def __get_user(self, user):

            return User.get_by_username(username=user)

        else:

    def __get_notification(self, notification):

        if isinstance(notification, Notification):

            return notification

        elif isinstance(notification, int):

            return Notification.get(notification)

        else:

            if notification:

                raise Exception('notification must be int or Instance'

                                ' of Notification got %s' % type(notification))

    def create(self, created_by, subject, body, recipients,

               type_=Notification.TYPE_MESSAGE):

        """

        Creates notification of given type

        :param created_by: int, str or User instance. User who created this

            notification

        :param subject:

        :param body:

        :param recipients: list of int, str or User objects

        :param type_: type of notification

        """

        if not getattr(recipients, '__iter__', False):

            raise Exception('recipients must be a list of iterable')

        created_by_obj = self.__get_user(created_by)

        recipients_objs = []

        for u in recipients:

        recipients_objs = set(recipients_objs)

        return Notification.create(created_by=created_by_obj, subject=subject,

                            body=body, recipients=recipients_objs,